BugTraq
Back to list
|
Post reply
ZH2003-10SA (security advisory): Mail System Ver. 0.9 Beta
Jul 16 2003 05:25PM
G00db0y (G00db0y zone-h org)
ZH2003-10SA (security advisory): Mail System Ver. 0.9 Beta.
Published: 16/07/2003
Released: 16/07/2003
Name: Mail System Ver. 0.9 Beta
Affected Systems: All versions (?)
Issue: Remote attackers can view all messages (and sql injection
vulnerability)
Author: G00db0y (at) zone-h (dot) org [email concealed]
Description
***********
Zone-h Security Team has discovered a serious security flaw in Mail System
Ver. 0.9 Beta.
This is a simple internal mail system, originaly developed for an intranet
project.
Details
*******
Mail System Ver. 0.9 Beta is a simple internal mail system in ASP.
It's possible to retrieve all messages from it.
Everyone can download the database at the following url:
http://www.example.com/PATH/message.mdb
Moreover there is a sql injection vulnerability in the login
authentication form.
It's located at:
http://www.example.com/PATH/default.htm
From there it's possible to login with these strings:
Login name: ' or 'a'='a
Password: ' or 'a'='a
Solution:
*********
The vendor has been contacted and a patch is not yet produced
Suggestions:
************
Protect the message file, rewrite the login procedure.
G00db0y - www.zone-h.org admin
Original advisory here: http://www.zone-h.org/en/advisories/read/id=2709/
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
ZH2003-10SA (security advisory): Mail System Ver. 0.9 Beta.
Published: 16/07/2003
Released: 16/07/2003
Name: Mail System Ver. 0.9 Beta
Affected Systems: All versions (?)
Issue: Remote attackers can view all messages (and sql injection
vulnerability)
Author: G00db0y (at) zone-h (dot) org [email concealed]
Description
***********
Zone-h Security Team has discovered a serious security flaw in Mail System
Ver. 0.9 Beta.
This is a simple internal mail system, originaly developed for an intranet
project.
Details
*******
Mail System Ver. 0.9 Beta is a simple internal mail system in ASP.
It's possible to retrieve all messages from it.
Everyone can download the database at the following url:
http://www.example.com/PATH/message.mdb
Moreover there is a sql injection vulnerability in the login
authentication form.
It's located at:
http://www.example.com/PATH/default.htm
From there it's possible to login with these strings:
Login name: ' or 'a'='a
Password: ' or 'a'='a
Solution:
*********
The vendor has been contacted and a patch is not yet produced
Suggestions:
************
Protect the message file, rewrite the login procedure.
G00db0y - www.zone-h.org admin
Original advisory here: http://www.zone-h.org/en/advisories/read/id=2709/
[ reply ]